Analysis

  • max time kernel
    128s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-11-2022 18:58

General

  • Target

    b60c9ddb370e767a41767960edfd3fd567231d6a00b38eae9981a1af3453d439.exe

  • Size

    2.2MB

  • MD5

    827fd2822c3ad2374274d1f03a690e8d

  • SHA1

    2a12ce4c1d9d1c93f2b23ffe8bcea6afe3308eb4

  • SHA256

    b60c9ddb370e767a41767960edfd3fd567231d6a00b38eae9981a1af3453d439

  • SHA512

    8edace368cd0274d1c48f96826c5ee302ab6eb3764d959116e352391dc5d7f0134b2124d547ce483bd2e692a40874196e661ec52fa839ce08cd98703c6a30d9f

  • SSDEEP

    49152:trWKhzrycS8Iqdwk0cQHGiYYSzSY5voVU7zQY3Mo9:VWEfylqdwkLQHHhsSYt8kMY

Score
9/10

Tags
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b60c9ddb370e767a41767960edfd3fd567231d6a00b38eae9981a1af3453d439.exe
    "C:\Users\Admin\AppData\Local\Temp\b60c9ddb370e767a41767960edfd3fd567231d6a00b38eae9981a1af3453d439.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.8484848.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2024
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1052

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 signature
  • Discovery: System Information Discovery (T1082), 1 signature

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    1KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
    Filesize

    1KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize

    1KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    508B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
    Filesize

    532B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize

    506B

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize

    8KB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9JJ037ZA.txt
    Filesize

    608B

  • \Users\Admin\AppData\Local\Temp\SkinH_EL.dll
    Filesize

    86KB

    MD5

    147127382e001f495d1842ee7a9e7912

    SHA1

    92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    SHA256

    edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    SHA512

    97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

  • memory/1056-54-0x0000000075A71000-0x0000000075A73000-memory.dmp
    Filesize

    8KB

  • memory/1056-56-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB